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ODP-81-1038 
12 August 1981 


MEMORANDUM FOR: ODP/OS Joint Working Group 


ecurlity icer, 


SUBJECT : ODP/OS Joint Working Group Minutes 


1. On 21 July 1981, the ODP/OS Joint Working Group inet in 
Room 2D-03, Headquarters. The following were in attendance. 


2. ISSG will prepare a paper setting out strong 
requirements for cleared maintenance contractors working on 
Agency ADPE. Some of the companies have only 1 or 2 employees 
with an Agency clearance. If they are unavailable when a problem 
arises, an uncleared employee is sent to do the job. There 
should be back-up employees with at least Secret clearances. 
Because the security profile of a company plays an important role 
in a procurement selection, ODP requested that ISSG establish the 
security requirements for maintenance employees. fi: 22} 25X41 


3. The Delta Data 5260 series of terminals were not 
originally manufactured to meet the NACSEM 5100 requirements but 
modifications were introduced later to meet NSA standards. Not 
all of the terminals were modified and ED/ODP has taken Delta 
Data Corporation to task for inadequate performance. ED/ODP will 
develop maintenance procedures that would include periodic 
reviews and send a definition of the program to ISSG. icc 25X41 
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4, a ee after a thorough review stated that 
it was € the Ludlow Password Encryption Program. It 
would take 4 to 12 months to implement. It created many problems 
including a 16 character field that required both alpha and 
numberic characters, a difficult combination for users to 
remember which could result in a less secure protection of 
passwords. SPD will give a more detailed briefing on their study 
at the next meeting. Chief, ISSG, will review the SPD report and 
review other options available. he will set up a meeting with 
SPD within the next month. 


5. The Document Logging System, an infrared wand/bar code 
system, that will control sensitive output at the distribution 
points, is 2/3 complete in its first phase. Software test on VM 
is planned for mid-August 1981 and the wand hardware is expected 
for delivery in five weeks. There has been no contact to date 
with[LL__J]to interface DLS with the SACS badge system which is the 
important part of the automated second phase of DLS. With 
everyone's approval, the time frame for the second phase is 
October 1981. 


6. ACF-2, a security program for MVS to protect data, 
require standards for labels to provide Z (user owned) tape 
support. ACF-2 is currently active but there are about 3000 
exceptions per day mostly due to bad data set names. The data, 
managers write the rules for access and ODP does not know the 
rules established. CSS/ODP is making direct contact with the 
users. The effort is to get the exceptions down to 300 per day. 
or less. ISSG requested reports on the exceptions and will 
contact the ADP Control Officers. I5S5G i send out the 
requirements for their reports to ODP. = 


7. Currently no efforts are being made to investigate 
excessive incorrect log on attempts into VM. VM has the 
capability of sending messages to an operator or other monitor. 
GIMS has a threshold of 3 attempts then records as violations 
further attempts. ISSG will define the requirements including 
the number of incorrect attempts before a message is sent, who 
will monitor the terminals, the location of those terminals and 
the type of information needed in the message. 


3. ISSG has submitted requirements for an audit trail to 
the DD/A/ODP. They also have been working with ORD on the type 
of data that would be significant and meaningful in an audit, 
trail. 
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| rae will work up an — = spribtin 
of the Director of Data Processing and Director of Security. | 


10. The next ODP/OS Joint Working Group Meeting i for 
22 September 1981 at 0900 in Room 2D-03, Headquarters. 
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